Monthly Archives: June 2010

Tokenization and encryption may be the best solution to one of the biggest data-security challenges facing merchants: how to protect confidential payment card information against emerging threats without disrupting normal business operations. That’s according to a security brief released on Tuesday by RSA, the Security Division of EMC. Security experts from processor First Data Corp. and Visa Inc. also contributed to the report.

Merchants have gained some welcome breathing room for complying with PCI: The PCI Standards Council today announced its standards cycle will move from a two- to three-year cycle. The extra year between new versions of the PCI DSS, PA-DSS, and PCI DTS standards came in response to complaints from merchants and others in the secure payment industry that the current schedule of releasing new requirements every two years was too tight.

With every company reliant on software to run its business, an alarming rise in data breach incidents across industries, but especially credit card processing, means application security is becoming an increasingly critical part of any organisation’s overall IT security strategy. For organisations that store, transmit or process credit card information, it is vital as they must be able to demonstrate compliance with the Payment Card Industry Data Security Standards (PCI DSS).

A Bank of America call center employee has pleaded guilty to charges that he stole sensitive client information and then tried to sell it for cash.

Brian Matty Hagen pleaded guilty last week to one count of bank fraud. According to court filings, he allegedly recorded customer account information when BofA customers called him for technical support at the Florida call center where he worked.

Federal auditors have criticized the security and design of a General Services Administration e-travel system, suggesting changes to it as part of a yearly review of the agency's IT process.

In the Office of the Inspector General's semiannual report to Congress, auditors said that the GSA's implementation of the E2 Solutions travel management system has security and usability issues that, among other things, don't properly measure the performance of the system and make it unfriendly for users, particularly disabled ones.

A California hospital will fire five employees and discipline another because they posted personal discussions concerning hospital patients using social media. An ongoing investigation at Tri-City Medical Center in Oceanside “has not yet identified any evidence that patient names, photographs, or similar identifying information was posted by these employees,” according to a statement from Larry Anderson, CEO. “But our investigation yielded sufficient information to warrant disciplinary action.”

With 40-some pieces of cybersecurity legislation pending before Congress, FISMA II is one that has drawn significant attention from the government-contracting world. While most government agencies and federal contractors learned to check the box and implement whatever measures the act set as standards the first time around, FISMA II will demand more than that: Instead of being compliance focused, the new bill will introduce performance-based standards and guidelines.

With evidence mounting of flagrant abuses of PCI-DSS security standards, two attorneys are on the verge of announcing the official filing of a national lawsuit against one of the hospitality industry’s biggest point-of-sale (POS) technology providers and one of its system resellers. The targets of the upcoming legal action will be Restaurant Data Concepts, Inc. of Warwick, Rhode Island – creators of the POSitouch™ system – and CC Productions of Hoboken, New Jersey, the reseller. POSitouch technology is installed in more than 20,000 restaurants nationwide.